Closed Bug 304634 Opened 20 years ago Closed 13 years ago

DoS with onBlur="alert('doh!'); focus();"

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
All
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: karlg, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:dos])

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6 by using the onBlur in the body tag, an alert call, and focus() tag, you can lock the browser and prevent the user from closing a window indefinately, until the browser process is killed and restarted. linux versions of firefox seem to segfault and die. Windows goes forever. Reproducible: Always Steps to Reproduce: 1. goto site with onBlur body tag 2. try to close the window! 3. Actual Results: browser window Expected Results: user should have the ability to kill a browser window, no matter what html/javascript
here's a version of the offending javascript: <body bgcolor="#FFFFFF" onBlur="alert('doh!'); focus();">
I don't see this problem on Mac with Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 This might be a dup of bug 61098.
I could reproduce on Windows. Not if the page was the only thing loaded, but when I hit ctrl-T to open a new tab I was locked. Deer Park didn't have much of a problem: I got the alert loop two or three times but then focus rested with the browser and I was able to click the close tab button or close window button (if i touched something else I started the loop again).
Group: security
Depends on: alertloops
Whiteboard: [sg:dos]
Status: UNCONFIRMED → NEW
Ever confirmed: true
Also present in Seamonkey 1.0, WinXP. Pretty serious problem. Windows won't even let you force-close it from the taskbar because it has a responding window showing (the dialog). You need to open task manager and find the browser there.
Assignee: nobody → general
Component: General → DOM: Level 0
Product: Firefox → Core
QA Contact: general → ian
Summary: Denial of service on browser that can be easilly introduced by simple html and javascript → DoS with onBlur="alert('doh!'); focus();"
Version: unspecified → Trunk
Blocks: 246377
Assignee: general → nobody
QA Contact: ian → general
I think this is no longer an issue after Bug 61098 fix...
this is wfm with a cirrent Seamonkey trunk
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.